Holistic view of Threat Intelligence

ABSTRACT :

As customer is using our Apptrana product to secure their web application and installed other Network layer devices in their infrastructure. Due to the ongoing zero-day attacks, DDOS attacks, Slowloris attacks, downtime alerts from Apptrana Solution get missed, which is impacting their business in various ways such as:

• During the incident handling, they do not have any proper steps to take forward because of insufficient data.
• Continuously effecting the Business Compliance and regulations.
• Difficult to analyse the huge humungous data when any incident occurs.
• Difficult to find and react to security breaches, threats & downtime.
• Their technical team fails to collect all the data to create a comprehensive report.
• They cannot be detected any unplanned changes being made in real time and alerting mechanism to any unusual activities.

• Apptrana helps them to block malicious activity on their application, but they fail to manage the alert coming through the Apptrana product.

• Lost revenues as a result of avoidable downtime.

Overall, Customer’s requirement is to get a real time threat intelligence solution to safeguard their own and their customer’s confidential data from threats and other attack vectors along with our Apptrana solution. Hence their security team restructure the technology squad where Apptrana keeps on blocking and alerting about the threats and they need to monitor those alerts through their internal security monitoring team to have a complete comprehensive security program.

Even though, to deploy any SIEM within the infrastructure, the main challenges were:

• They need to integrate the Apptrana solution with SIEM.
• Out of many other devices and appliances in scope of implementation, which do not have the direct integration and the generated log formats were might be not supported by the SIEM Engine.
• Customer needs the expert person who can manage and handle the outcomes of the SIEM.

STRATEGY & RECOMMENDED SOLUTION :

We recommend to integrate the SIEM solution with our Apptrana product which is compatible with top all SIEM solution provider and our team helps them to integrate the SIEM with our Apptrana solution.

IMPLEMENTATIONS :

After implementing the SIEM solution with our Apptrana WAF, client can retrieve the attack details from the SIEM services which enabled in Apptrana portal. As it’s fulfilled the requirement of the customer to fetch the attack logs from the Apptrana in a proper format which helps them to analyze it easily and quickly. They can now view the following parameters as in a log format.

• Time Frame: It specifies the start and end time of the incident.
• Event Type: It specifies either the request get LOG or BLOCK.
• Access Token: It is mandatory while requesting and should be passed in authorisation header.
• Website name: Name of the Website for which details should be retrieved.
• API Details: The API details which contain the endpoint, Header, Request Body without website, Success Response, Error Response.

RESULTS :

This organization now has a secure, stable and PCI compliant IT Infrastructure that can detect unplanned changes in real time, alerting to any unusual activity that can be dealt with appropriately before any damage can be done. After our suggestion and helps in integrating the SIEM solution with our Apptrana

WAF, they feel secure in various ways such as:

• Drastically reduce the security incident investigate time.
• Take proper steps when the alert of DDOS attacks being provided by the Apptrana solution through SIEM.
• Gained ability to prevent lost revenue from unnecessary e-commerce and point of sale downtime.
• Achieved cost savings by shutting down unnecessary Amazon web Services instances.
• Their team can now constantly monitoring of their application and suspicious activities.
• Their monitoring squad can prevent and react to security breaches, threats and any downtime alerts.
• Identify the improvement based on the facts in the comprehensive reports.